Note: You are currently viewing documentation for Moodle 2.3. Up-to-date documentation for the latest stable version is available here: Backup of user data.

Backup of user data: Difference between revisions

From MoodleDocs
(default cap setting)
No edit summary
 
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
Moodle includes a feature that allows course backups to include user data (such as forum posts, glossary entries and so on).  To do this Moodle also includes the relevant user accounts as well, in order that data consistency can be maintained when the backup is restored on a different Moodle site.  Unfortunately, in the wrong hands, this feature can also cause a privacy leak and possible exploitation of the whole original site.
{{Security overview report}}[[Image:Backup of user data.png|thumb|Backup of user data report]]Moodle includes a feature that allows course backups to include user data (such as forum posts, glossary entries and so on).  To do this Moodle also includes the relevant user accounts as well, in order that data consistency can be maintained when the backup is restored on a different Moodle site.  Unfortunately, in the wrong hands, this feature can also cause a privacy leak and possible exploitation of the whole original site.


Since Moodle 1.9.7 and Moodle 1.8.11 there is a new capability to control the backup of user data [[Capabilities/moodle/backup:userinfo|moodle/backup:userinfo]], separate from the capability to backup courses.  By default this capability is allowed for the admin role only.
There is a capability to control the backup of user data [[Capabilities/moodle/backup:userinfo|moodle/backup:userinfo]], separate from the capability to backup courses.  By default this capability is allowed for the manager role only.


The security report contains a check for this, and will report on any roles or users that have this capability enabled.  Please make sure that you keep this capability only for people who really need it.
The [[Security overview|security overview report]] contains a check for this, and will report on any roles or users that have this capability enabled.  Please make sure that you keep this capability only for people who really need it.


Please also note that even if you trust all those users shown, you should make sure they are using very strong passwords (by setting a [[report/security/report_security_check_passwordpolicy|password policy]] for them), because those same capabilities become available to anyone who might crack their accounts.
Please also note that even if you trust all those users shown, you should make sure they are using very strong passwords (by setting a [[report/security/report_security_check_passwordpolicy|password policy]] for them), because those same capabilities become available to anyone who might crack their accounts.
:''Tip'': Glossary and database activity entries can easily be moved to a different course using the export and import entries feature without needing to backup user data. 


==See also==
==See also==
Line 11: Line 13:
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]


[[Category:Security]]
[[Category:Backup]]
[[Category:Backup]]
[[de:Nutzerdaten sichern]]

Latest revision as of 11:13, 10 May 2012

Backup of user data report

Moodle includes a feature that allows course backups to include user data (such as forum posts, glossary entries and so on). To do this Moodle also includes the relevant user accounts as well, in order that data consistency can be maintained when the backup is restored on a different Moodle site. Unfortunately, in the wrong hands, this feature can also cause a privacy leak and possible exploitation of the whole original site.

There is a capability to control the backup of user data moodle/backup:userinfo, separate from the capability to backup courses. By default this capability is allowed for the manager role only.

The security overview report contains a check for this, and will report on any roles or users that have this capability enabled. Please make sure that you keep this capability only for people who really need it.

Please also note that even if you trust all those users shown, you should make sure they are using very strong passwords (by setting a password policy for them), because those same capabilities become available to anyone who might crack their accounts.

Tip: Glossary and database activity entries can easily be moved to a different course using the export and import entries feature without needing to backup user data.

See also